RE: Comments on Interoperability Roadmap Draft Version 1.0

Transcription

1 Dr. Karen DeSalvo, MD, MPH, MSC National Coordinator for Health Information Technology Office of the Secretary, Department of Health and Human Services 200 Independence Ave., S.W., Room 7-729D Washington, D.C RE: Comments on Interoperability Roadmap Draft Version 1.0 Dear Dr. DeSalvo: Thank you for the opportunity to submit comments on Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap. As you know well, health data will transform health and health care, but change cannot happen soon enough. The Health Data Consortium (HDC) sits at the intersection of health data, innovation and public policy. HDC is a public-private consortium focused on promoting the accessibility, availability and responsible use of health data and encourages collaboration among health data users and stakeholders to ignite innovation, drive down rising health care costs and improve patient outcomes. We bring together a diverse group of stakeholders including patient advocates, providers, researchers, industry representatives, innovators, and policymakers to advance the national dialogue surrounding the key barriers and opportunities in using health data. Since its formation, HDC has focused on a number of important cultural, technical, and public policy issues concerning health data, including data governance, data accessibility, privacy and security and consumer engagement. As you also know well, today there are many different types of health data being collected besides traditional electronic health record (EHR) information. These include data from medical devices, clinical trials, clinical registries as well as mobile health and wearable technologies. The volume of health data is expected to continue to grow exponentially in the future. In fact, it is projected that an estimated 50 billion connected devices will be available globally by 2020 approximately six devices per person, many of which will have the ability to collect usable data. 1 1 Topol, E. J., Steinhubl, S. R., & Torkamani, A. (2015). Digital Medical Tools and Sensors. Journal of the American Medical Association, 313(4), doi: /jama

2 Page 2 of 8 Yet despite the significant technological advancements over the last decade to collect massive amounts of health data, the absence of a national data governance model and associated data infrastructure continues to impair our ability to get a comprehensive and longitudinal picture of a patient, and hinders our ability to access health data at the right time by the right person in the proper setting. We applaud the Office of the National Coordinator for Health IT (ONC) for bringing together public and private stakeholders to advance the nation towards a more connected, interoperable health IT infrastructure. HDC agrees with the laudable goals of the draft roadmap and is committed to furthering the advancement of the roadmap and interoperability in general. Although the draft roadmap covers many important topics, we have focused our comments below on a number of specific issues that we believe are critical to advancing health data accessibility, liberation and liquidity. We also have provided suggestions for additional strategies to be considered for inclusion. Rules of Engagement and Governance We agree with the draft roadmap that a critical component of nationwide interoperability is a common set of standards, services, policies and practices that facilitate health information exchange. We also agree that pursuing a strategy of data governance will help identify common policies, operational or business practices, and standards to support services that enable interoperability. A data governance model may create a mechanism for establishing trust across different systems, a critical component of viable and sustainable health information exchange. Building trust nationwide requires assurances that each data holder adheres to a minimum set of common policies, operational and/or business practices or standards. There must be a set of rules of the road or guardrails to advance interoperability. We support the multi-stakeholder approach proposed in the draft roadmap to address operational issues, to identify barriers to interoperability, and to create mechanisms for demonstrating and identifying compliance with the rules as well as addressing non-compliance. We also agree that the multi-stakeholder governance approach must be a transparent and inclusive process particularly when it comes to identifying operational issues and in making decisions to advance interoperability. This process should be a public-private partnership with an intentional focus on person-centered health care delivery. We agree that governance needs to address the three subject matter areas of policy, operations and technical standards. First, with respect to policy, we support the principle that data holders and entities facilitating interoperability must, in accordance with applicable laws

3 Page 3 of 8 and individual preference, exchange information with the patient for care coordination and other purposes. Policy, business, operational or technical barriers that are not required by law should not prevent the free flow of data throughout the ecosystem. A recurring theme we have heard is the inability of individuals to access their data in a timely manner and in turn, share that information with a third party. Often this is due to excessive compliance and confusion over what the Health Insurance Portability and Accountability Act (HIPAA) legally requires. In other words, stakeholders often err on side of caution in sharing data with a patient or a third party rather than run afoul of the legal requirements of HIPAA. Consequently, we appreciate that as part of the data governance principles, the draft roadmap requires that when individuals clearly instruct a data holder to release information about them to a third party, the data holder should comply with this directive. However, we remain unclear about the meaning of the principle that data holders and entities that facilitate interoperability should not compete on the availability of patient data. What constitutes facilitating interoperability is ambiguous and we respectfully request further clarification on this principle. We appreciate that the draft roadmap acknowledges that to encourage collaboration, data holders should avoid situations where (even when permissible by law), differences in fees, policies, services, operations or contracts prevent data exchange. Data holders and entities facilitating interoperability should also not establish policies or practices in excess of law that inhibit data accessibility by other entities that are in compliance with existing law and these governance principles. We are encouraged that the draft roadmap recognizes the principle that individuals should have the power to choose what information different data holders collect and how they use and share it. However, ONC may want to take into consideration instances where having such control could affect the quality of care delivered to the individual, whether there are public health considerations that should be taken into account or whether there are any health literacy challenges that may hinder an individual s ability to be able to be make informed decisions about the collection, use and sharing of their personal information. ONC may also want to consider whether the context and type of information matters in the extent to which the data is collected, used and shared. Furthermore, ONC may also want to consider the secondary use of such data and the extent to which an individual can, or is able to exercise control over how that data is collected, used and shared. We support the principle put forth in the draft roadmap that data holders and entities facilitating data exchange should provide easily understandable and accessible information about its data practices. We also agree that data holders should secure and ensure responsible handling of personal health information. The recent number of data breaches in the health care industry has sparked serious concern that the industry is unprepared for data breaches and

4 Page 4 of 8 cyberattacks. In fact, a number of analysts predict that these breaches will continue to grow given the value of sensitive patient data. This is cause for concern, particularly when according to a 2014 Ponemon Institute study, the potential cost to the health care industry could be as much as $5.6 billion annually. 23 Data holders should also provide individuals with the ability to obtain electronic access to their health information and the ability to correct information in a timely manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to the individual if the data is inaccurate. However, we respectfully request that ONC consider what a transparent, formalized process may look like including notification to the patient and his or her caregiver as well as correction of the misrepresented information. For instance, would the process be similar to the credit bureaus current processes when fraudulent activity is reported? Second, with respect to operations, we agree with the draft roadmap that entities facilitating interoperability should be transparent, that they should promote inclusive participation and adequate stakeholder representation in developing internal data policies and operations, and that there should be neutrality in the exchange of personal health information. Finally, with respect to standards, we support the draft roadmap s governance principle that data holders should ensure that standards are prioritized, developed and implemented to support the public interest, national priorities and the rights of individuals. Standards should support data portability and data liquidity. Moreover, the development and implementation of these standards should enable the adaptation and evolution of health information exchange and technologies supporting health information exchange to meet current and future needs. We also agree with the principle that any adoption of standards should not provide an unfair advantage to one sector or organization over others. Supportive Business, Clinical, Cultural and Regulatory Environments We agree with the draft roadmap that to achieve a learning health system (LHS), there must be a supportive business and regulatory environment to encourage interoperability, which may require the use of policy and funding levers to foster business adoption. 2 Experian. (2014) Second Annual Data Breach Industry Forecast. Retrieved from: 3 Ponemon Institute. (March, 2014). Fourth Annual Benchmark Study on Patient Privacy & Data Security. Retrieved from: /ID%20Experts%204th%20Annual%20Patient%20Privacy%20%26%20Data%20Security%20Report%20FINAL%20%2 81%29.pdf?cm_mmc=Act-On%20Software-_- -_-Fourth%20Annual%20Ponemon%20Report%20Download-_- You%20can%20download%20the%20report%20here

5 Page 5 of 8 The current fee-for-service system is a major barrier to interoperability. The current payment model encourages volume over value resulting in inefficiency and wasteful spending. In contrast, value-based payment models recognize the importance of data liquidity, or access to quality information to better inform timely clinical decision-making. The result is likely to be improved outcomes, lower costs and increased patient satisfaction. The shift to value-based payment models strengthens the business imperative for adopting common standards and exchanging data to provide coordinated and effective care. We agree with the draft roadmap s contention that stakeholders should explore opportunities to accelerate interoperability as a component of broader efforts to move towards value-based payment models. Along these lines, we are encouraged by the recent announcement of the launch of the Health Care Payment Learning and Action Network because the ability of data to freely flow throughout the health ecosystem will be critical to the success of value-based payment models. We are also encouraged by recent passage of H.R. 2, the Medicare Access and CHIP Reauthorization Act in the U.S. House of Representatives which also encourages the movement away from a fee-for-service payment system to one that is based on value. Individuals today cannot easily access to their records. As noted above, we have found that this is in part due to excessive compliance with HIPAA. As the volume of health data continues to grow along with increasing demand to include different types of data in the EHR that are currently not there (such as genomic data or data from wearables), this problem will only be exacerbated. Therefore, we agree with the draft roadmap that there needs to be greater focus on incorporating patient-generated data into the EHR. We are encouraged that the roadmap calls for the availability of tools for individuals to use this information to manage their health empowering them to make informed decisions about their health and health care. We also appreciate that the roadmap proposes a call to action to individuals and caregivers to demand access to their electronic health information in a format that they can use to manage their health and the health of others by We also support the call to action that calls on providers to support consumers in downloading or transmitting their health data to a destination of their choice by These are achievable goals and critical steps to empowering individuals to play an active role in their care delivery. We are also pleased that the draft roadmap calls on providers and developers to support the incorporation of patient-generated data in health care delivery. By incorporating such data, providers will be able to form a better picture of the patient s health and the best care options based on a more complete picture of the patient. Privacy and Security Protections for Health Information The success of health information exchange and nationwide interoperability is dependent on individuals trust that their health data will be kept private and secure and that their rights with respect to the information will be respected.

6 Page 6 of 8 Digital health innovation is taking place within the health care industry, creating more opportunities to share data. By mid-2014, digital health funding approached $2.3 billion, a 170 percent increase over This trend is anticipated to continue with the market for digital health expected to surpass $200 billion by However, privacy laws and regulations have in some instances failed to keep pace with these developments. The result is that while these laws are designed to protect privacy, they have hindered the ability to exchange data. To allow innovation to flourish, action must be taken to reduce the variation in the current legal, regulatory and organizational policy environment related to privacy, including HIPAA. At the same time, stakeholders must ensure that any changes or modifications to the legal, regulatory and organizational policies relating to privacy do not substantively erode individual privacy rights. We support the draft roadmap s proposal that by 2017, federal and state governments in coordination with health information privacy policymakers should conduct outreach and disseminate educational materials as well as guidance by the Office for Civil Rights (OCR) for learning health system participants about Permitted Uses and Disclosure of health information and Individual Choice. As part of this initiative, we ask ONC that innovators and entrepreneurs not be forgotten in its education and outreach efforts. Innovators and entrepreneurs will increasingly play an important role in advancing a robust data infrastructure. We have found that many entrepreneurs find it difficult to determine when use and disclosure of health information is appropriate, particularly when they develop consumer-facing technology or are not a covered entity or business associate under HIPAA. Such outreach could play a critical role in helping these entrepreneurs understand their privacy responsibilities while fostering innovation in the marketplace. In addition, we also believe that state governments and stewards of health information should harmonize existing regulations and policies with existing HIPAA regulations for health information that is regulated by HIPAA. Today, states have created a patchwork of privacy laws that are not uniform, easily understood and often times difficult to comply with. Alignment of these regulations and policies will not only encourage data sharing but foster innovation while preserving patient privacy. Certification and Testing to Support Adoption and Optimization of Health IT Products and Services We agree with the draft roadmap that as part of a learning health system, stakeholders that use and purchase health IT systems must have reasonable assurances that the system can interoperate with other systems. Along these lines, we support the establishment of well- 4 Hagel, J., Keith, J., Brown, J.S., Samoylova, T., & Hoversten, S. (2014). A Consumer-driven Culture of Health: The Path to Sustainability and Growth. Retrieved from: 5 Id.

7 Page 7 of 8 coordinated certification and testing programs whether they be established by public or private entities to ensure that no conflicting or duplicative requirements are implemented. Core Technical Standards and Functions As part of a learning health system, common formats are the bedrock of successful interoperability. To successfully move data from one stakeholder to another, the meaning of the information must be maintained and consistently understood as it travels. As the draft roadmap notes, for a learning health system to innovate, the industry will have to agree on the use of common content and vocabulary standards to satisfy each specific interoperability purpose. If we are to advance interoperability, stakeholders, both private and public, must agree to a standardized common clinical data set that is consistently and reliably shared during transitions of care. Having a standardized common clinical data set would, as the draft roadmap proposes, establish a foundation and could be improved upon over time. Stakeholders must make progress on standards that could support the exchange of more structured, standardized and discrete information as to allow the data to be used and received by other systems. However, we appreciate that the draft roadmap recognizes that there is a tension that exists in having the data too structured and acknowledge that there is still value in the documentation and exchange of some unstructured data to prevent a loss of signal in the delivery of care. With respect to application programming interfaces or APIs, we agree with the recommendations of the 2014 JASON Report, A Robust Data Infrastructure, that to develop a robust data infrastructure, stakeholders need to develop open standards, protocols and public APIs. We also agree with the recommendations of the HIT Policy Committee s JASON Report Task Force that rather than a top-down approach, public APIs should be defined by a publicprivate stakeholder group and be uniformly available, non-proprietary, tested by a trusted third-party and operate within a well-defined business and legal framework. Consequently, we are pleased that the draft roadmap recommends that developers work with Standards Developing Organizations (SDOs) to develop public APIs. We also appreciate that the draft roadmap encourages through EHR certification the adoption of specific APIs or consistently functioning APIs in a manner that does not prevent the adoption of new and innovative APIs. Additionally, we agree with the JASON Report Task Force that existing incentive programs and regulatory processes should be aligned to stimulate the use of public APIs. 6 To encourage the accelerated adoption and implementation of public APIs, federal health care entities should also adopt public APIs as part of their procurement and day-to-day activities including Medicare and Medicaid, the Department of Defense and the Department of Veterans Affairs. 7 6 (2014). JASON Report Task Force Final Report 7 Id.

8 Page 8 of 8 However, we are concerned about the draft roadmap s recommendation to limit the number of standard APIs to reduce complexity. The availability of APIs has not been a priority for developers so far and this aspect of business development is still in its infancy. To begin to limit the number of APIs may hinder innovation at this juncture and it may be best to let the market drive standardization. That said, we appreciate that the draft roadmap recognizes that there is no one-size fits all solution and that it encourages coordination among stakeholders in this context. We thank you again for the opportunity to comment on the draft roadmap. We look forward to working with ONC to further enhance the implementation strategies in achieving health IT interoperability. Should you or your staff have any additional questions or comments, please contact Lauren Ellis Riplinger, Director of Policy and Government Affairs at or at Sincerely, Dr. Christopher Boone, PhD, FACHE Executive Director Health Data Consortium

April 3, 2015 Karen DeSalvo, MD, MPH, MSc National Coordinator for Health Information Technology Office of the National Coordinator for Health Information Technology U.S. Department of Health and Human

Health Data Accessibility Priorities for the U.S. Health Care System Health Data Leadership Summit Presented by: January 2015 Nashville, TN Disclaimer This paper is the output of the Health Data Consortium

To: CHIME Members From: CHIME Public Policy Staff Re: Summary - Interoperability Section (Sec. 3001) of the 21 st Century Cures Legislation Purpose: Below is an overview of the section of the 21 st Century

McKesson Corporation One Post Street San Francisco, CA 94104 www.mckesson.com This McKesson response was submitted electronically to the Office of the National Coordinator for Health IT (ONC) on. Question

FEDERAL HEALTH IT STRATEGIC PLAN 2015 2020 Prepared by: The Office of the National Coordinator for Health Information Technology (ONC) Office of the Secretary, United States Department of Health and Human

Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Roadmap version 1.0 Calls to Action and Commitments for People and Organizations That Provide Health IT Capabilities Stakeholders

DETAILED COMMENTS ON MEANINGFUL USE STAGE 3 PROPOSED RULE LEARN FROM STAGE 2 OF MEANINGFUL USE BEFORE MOVING TO STAGE 3 Learn from the Experience in Stage 2 The majority of hospitals and nearly all physicians

www.ilhitrec.org UPDATE ON THE ADOPTION OF HEALTH INFORMATION TECHNOLOGY AND RELATED EFFORTS TO FACILITATE THE ELECTRONIC USE AND EXCHANGE OF HEALTH INFORMATION JULY 2013 Information is widely recognized

CMS AND ONC FINAL REGULATIONS DEFINE MEANINGFUL USE AND SET STANDARDS FOR ELECTRONIC HEALTH RECORD INCENTIVE PROGRAM The Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator

May 7, 2015 The Honorable Fred Upton Chairman, House Energy and Commerce Committee United States House of Representatives Washington, DC 20515 The Honorable Diana DeGette Member, House Energy and Commerce

WORKING P A P E R Health Information Technology (HIT) Adoption Standards and Interoperability BASIT CHAUDHRY WR-313 October 2005 This product is part of the RAND Health working paper series. RAND working

COMMUNIQUÉ ON PRINCIPLES FOR INTERNET POLICY-MAKING OECD HIGH LEVEL MEETING ON THE INTERNET ECONOMY, 28-29 JUNE 2011 The Seoul Declaration on the Future of the Internet Economy adopted at the 2008 OECD

HealthFusion MediTouch EHR Stage 2 Proposed Rule Comments We appreciate the Department of Health and Human Services (HHS) and the Office of the National Coordinator for Health Information Technology (ONC)

EURORDIS-NORD-CORD Joint Declaration of 10 Key Principles for Rare Disease Patient Registries 1. Patient Registries should be recognised as a global priority in the field of Rare Diseases. 2. Rare Disease

ACTION REQUESTED: Submission of Comments to CMS on IFC Administrative Simplification: Adoption of Standards for EFTs and Remittance Advice. Comments are due to CMS by 5 pm on March 12, 2012. March 6, 2012

OVERVIEW Yale University Open Data Access (YODA) Project These procedures support the YODA Project Data Release Policy and more fully describe the process by which clinical trial data held by a third party,

WHITE PAPER The HIPAA Omnibus Final Rule Four risk exposure events that can uncover compliance issues leading to investigations, potential fines, and damage to your organization s reputation. By Virginia

RECOMMENDED CHARTER FOR THE IDENTITY ECOSYSTEM STEERING GROUP 1. Identity Ecosystem Steering Group Charter The National Strategy for Trusted Identities in Cyberspace (NSTIC or Strategy), signed by President

Connecting Health and Care for the Nation A Shared Nationwide Interoperability Roadmap DRAFT Version 1.0 Table of Contents Letter from the National Coordinator... 4 Questions on the Roadmap... 6 Executive

The American Recovery and Reinvestment Act of 2009 Summary of Key Health Information Technology Provisions July 1, 2009 This document is a summary of the ARRA and offered for information only. As the term

INTRODUCTORY NOTE TO THE G20 ANTI-CORRUPTION OPEN DATA PRINCIPLES Open Data in the G20 In 2014, the G20 s Anti-corruption Working Group (ACWG) established open data as one of the issues that merit particular

April 28, 2014 Karen DeSalvo, MD National Coordinator for Health Information Technology Office of the National Coordinator for Health Information Technology Department of Health and Human Services Submitted